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Appendix: F-PROT Professional for 
DOS 


F-PROT Professional for DOS can be used directly from the supplied diskette, but 
the hard disk installation speeds it up and makes it easier to use. F-PROT 
Professional for DOS takes up about two megabytes of hard disk space. However, 
some of the files can be omitted to save storage space. The files essential for 
normal operation of F-PROT Professional for DOS with the background-checking 
program VIRSTOP active in memory are: F-PROT.exe, VIRSTOP.exe, Sign.def, and 
English.txO or another .tx0O language file. If you choose this minimum configuration, 
you won’t be able to change the language used or view the virus descriptions. 
Otherwise, the program will function normally. 


The original diskette should be write-protected and kept in a safe place, because it 
may be needed in case of a virus outbreak. We also recommend, that you create 
an Anti-Virus Diskette for use when you discover a problem. This will make it easier 
to recover from disk crashes, virus infection, or data loss caused by an error. 


F-PROT Professional for DOS performs at two levels: 


1. VIRSTOP is a memory-resident background scanning program. The main 
purpose of VIRSTOP is to prevent the execution of programs infected with 
known viruses. 

2. Further protection against virus infection is given by the disk-based 
programs, F-PROT Professional and F-CHECK, which offer more 
comprehensive virus scanning as well as facilities to recover from virus 
infections. 


Installing F-PROT Professional for DOS 


To install F-PROT Professional for DOS, follow the steps listed below: 


1. Start your computer from a clean write-protected diskette. 


2. Insert the write-protected F-PROT Professional for DOS diskette into the 
appropriate drive and switch to that drive. This is usually drive A:. 


3. Type install <ENTER> 


If the version you are installing has more than one language, you will first be asked 
the installation language. After you select the language, the main installation 
screen appears. 


This screen shows the command line switches that will be set when VIRSTOP is 
installed and running. If your computer is not short of memory, deselect \DISK by 
moving to VIRSTOP, using the ARROW keys, and then pressing ENTER. A menu will 
be displayed. 


Press the SPACEBAR to toggle the switch setting to No, and press ENTER to make the 
change. Press ESc twice to get back to the main menu and move to Start 
Installation. Press ENTER to start installation. 


4. Before the installation is complete, a message will be displayed, asking 
whether you would like to change the message which VIRSTOP gives whenever it 
finds a virus. Press y if you wish to have a customized message displayed. Write 
the message to the message line and press enter. 


5. When the installation is complete, you will be queried whether you want 
F-PROT to scan the hard disk immediately. We recommend, that you press yY. 


Once the hard disk has been scanned and found to be clean, the following 
message appears: 


No viruses or suspicious files/boot sectors were found. 
F-PROT Professional for DOS is now installed. 


6. The virus-stopping program, VIRSTOP, can be activated at once by restarting 
the computer. To do this, remove diskette from the drive A: and press CTRL ALT DEL 
simultaneously. From now on whenever you start your computer, the background 
virus stopper, VIRSTOP, is actively checking for viruses each time files or disks are 
used. If VIRSTOP finds a problem, it gives a signal and displays a message on the 
screen. In this case, follow the displayed instructions. 


7. Run F-TEST program from the F-PROT directory to check whether VIRSTOP is 
properly installed and working. 


8. Since some of the viruses target specific anti-virus programs by name, it may 
be a good idea to rename F-PROT.exe to a different name. All executable files in 
the F-PROT Professional for DOS package can be renamed and continue working 
normally. 


1.2 Using F-PROT Professional for DOS in 
Interactive Mode 


When F-PROT Professional for DOS is installed on the hard disk, as described in the 
Section 14.1, “Installing F-PROT Professional for DOS”” it is located on the hard 
disk, drive C:, in the F-PROT directory. 
To start F-PROT Professional for DOS, type: 

C:\ <ENTER> 

cd \ F-PROT <ENTER> 

F-PROT <ENTER> 


F-PROT will load the stored virus information and scan for the known viruses. Then, 
the main menu is displayed. 


1 Functions of F-PROT Professional for DOS 


Using F-PROT Professional for DOS you can do the following: 
e¢ Scan for viruses. 
e¢ Configure F-PROT Professional to present information in different ways. 
e Look up information on known viruses or add information on new viruses. 
¢ Obtain information about the program. 
¢ Quit the program. 


2 Scanning for Viruses 
When Scan is chosen from the main menu, a sub-menu, showing the current 


option selections, is displayed. 


The following options are available for scanning parameters: 


Method Secure Scan 
Heuristic Analysis 
Search Hard disk 
Diskette drive 
Network 
<User -specified> 
Action Report only 
Disinfect/Query 
Automatic disinfection 
Delete/Query 
Automatic deletion 
Rename/Query 
Automatic renaming 
Targets Boot sector viruses (Yes/No) 
File viruses (Yes/No) 
User-defined strings (Yes/No) 
Packed files (Yes/No) 
Files Standard executables 
All files 


<User-specified> 


3 Scanning Method 


F-PROT Professional for DOS can scan for viruses using the two different methods: 
Secure Scan and Heuristic Analysis. 


VIRSTOP uses the Quick Scan scanning method. As it name implies, the Quick 
Scan is faster, but less secure, than Secure Scan, and cannot find some 
complicated encrypted viruses and some viruses, written in high-level languages. 


4 Where to Search 


The Search command is used to select the drives and directories F-PROT 
Professional for DOS should search for viruses. The following options are available: 


Hard Disk Scans all partitions on the internal hard disk. 


Diskette Drive Scans one of the diskette drives. Some removable hard disks 
also show in the Diskette Drive menu, due to drivers used. 


Network Scans all the network drives. By using this option, a network 
server's hard disk, except for its boot sectors, can be scanned 
for viruses from a workstation. 


User Specified Scans a drive, directory, or file, specified by the user. Ifa 
directory is selected, F-PROT checks all of its subdirectories as 
well. 

5 Action on Finding a Virus 


The Action command is used to choose the action to be taken on the infected file 
when the virus is found. The following options are available: 


Report only Default action; lists the name of the infected files. 


Disinfect/Query F-PROT prompts for confirmation before it attempts to 
disinfect the file. If the infection cannot be removed, the file is 
deleted. F-PROT asks for confirmation before deleting the file. 


Automatic disinfection The file is disinfected without confirmation request. 


Delete/Query The file is overwritten several times and then deleted. F-PROT 
asks for confirmation before deleting the file/ 


Automatic deletion The file is deleted without confirmation request. 


Rename/Query F-PROT renames the file, asking for confirmation first. The 
extensions are changed from .exe to .vxe, from .com to .vom. 


Automatic renaming The file is renamed without confirmation request. 
6 Target Virus Type 


The Targets command of the main menu is used to specify the types of viruses to 
search for. The default is to search for boot sector viruses, file viruses, and to 
search within packed files. The available options are described below: 


Select Boot sector viruses (Yes/No) alone if you are cleaning up after an attack 
by a specific boot sector virus. 


Select File viruses (Yes/No) alone if you are cleaning up after an attack by a 
specific file virus. 


Select User-defined strings (Yes/No) if you have manually updated F-PROT 
Professional for DOS with new search strings. 


Select Packed files (Yes/No) to have F-PROT search for viruses in packed files. 
Regardless of whether the infection occurred before or after packing, F-PROT 
Professional for DOS can find viruses in files packed with LZEXE, PKLITE, EXEPACK, 
DIET, and ICE. If the infection occurred after packing, F-PROT can find it in archives 
packed with other tools, as well. 


7 The Files To Be Scanned 


The Files command is used to select which types of files F-PROT should scan. Most 
viruses will only infect standard executable files. 


The default choice, Standard executables, is to scan the usual executable file 
types with the extensions: .com, .exe, ov?, app, .pgm, and .sys. This option is 
recommended for normal scanning. 


All files should be selected if you are cleaning up after a virus attack. This will 
ensure that the virus is not hiding in some obscure overlay file. 


The <User-specified> option allows the user to add a set of file extensions, for 
example, XTree Gold’s .xtr overlays to the list of files to be scanned. 


8 Executing Scan 


When you have selected the desired options, start the scan by choosing Begin 
Scan at the top of the Scan menu. 


The window at the bottom of the screen will display the names of the files as they 
are scanned. The scanning can be canceled at any time simply by pressing ESc. 


When the scan is finished, a summary of its results is displayed. If viruses or 
suspicious programs were found, press ENTER to view the report. Press S to save 
report on the disk, or press P to print it out. 


9 Configuring F-PROT Professional for DOS 


Presentation of information by F-PROT Professional for DOS can be configured 
using the two commands: Language and Setup. 


The default language for messages is English. Use the Language command to 
view the listing of the languages supported by your version of F-PROT. If 
alternatives are available, choose the one you require. You will need to re-install 
VIRSTOP with the new language setting. 


Use the Setup command to set up the list of information about viruses, which is 
available under the Viruses command of the main menu. This list can be displayed 
in two ways: by lines or by columns. By lines is the default choice. To change it, 
press Y after choosing the Setup command. 


10 Information on Viruses 


When a virus is found, it is important to get information about it. View information 
about viruses by choosing Viruses from the main menu. Use the PAGE UP and 
PAGE DOWN keys to move around the list and to select the virus in question. Then 
press ENTER to view the detailed information. 


Alternatively, get straight to the detailed information by starting typing the virus 
name. As soon as the virus name can be uniquely identified, the detailed 
information is displayed. 


11 New Virus Search Strings 


In the event of a sudden new virus epidemic, the virus search strings can be added 
to F-PROT Professional for DOS before its next update is available. The search 
strings can be entered by choosing New search strings under Viruses. 


After selecting New search strings, choose Add a new search string. You will 
be queried about the name of the virus; whether it infects .com files, .exe files, and 
boot sectors; and then asked to enter the hexadecimal search string. 


Choose List user-defined search strings to view the names of the viruses whose 
search strings were added, the names of the objects they infect, and the search 
string for each virus. 


Choosing Delete a search string displays the names of the user-defined viruses. 
Select the name of the virus you wish to delete. Confirmation is needed prior to 
deletion. 

You can also directly edit the user.def file, since it is a plain ASCII file, for example: 


CEB New_virus 
000102030405060708 


12 Exiting from F-PROT Professional for DOS 


To exit from F-PROT, press ESC repeatedly, until you return to the main menu. Once 
in the main menu, choose Quit. 


If you changed any options settings, either save the new settings by pressing Y, or 
exit without saving them by pressing N. 


It is not recommended to save the changes on the original F-PROT Professional for 
DOS diskette, as it should be write-protected all the time. Use a copy instead. 


13 Using F-PROT Professional for DOS in Command-Line 
Mode 


F-PROT Professional for DOS is usually run without any parameters when it enters 
the interactive mode. It is also possible to run F-PROT in the command-line mode, 


which makes it easier to tailor F-PROT to perform different kinds of searches. When 

F-PROT is run from a diskette in the command-line mode, it works almost as fast as 

when run from the hard disk. 

F-PROT Professional for DOS can be started from the command line as follows: 
F-PROT [drive, directory, or file] [parameters] 


F-PROT will then enter the command-line mode, unless the /inter parameter was 
given. The available parameters are listed below. 


/640 

/all 
/analyse 
/append 
/auto 
/beep 
/command 
/delete 
/disinf 


/ext= 


/freeze 
/freeze2 
/guru 
/hard 
/help 
/inter 
/list 
/mono 
/multi 
/net 
/nobreak 
/nofloppy 
/nomem 
/nosub 
/nowrap 
/[no]boot 


/[no]file 


Only scan 640K of memory. 

Check all files. 

Use heuristic analysis instead of search strings. 
Used with /report to append to existing report. 
Automatic deletion. 

Sound an alarm if a virus is found. 

Force command-line mode. 

Delete all infected files. 

Disinfect whenever possible. 


Specify default extensions for files to scan, use period as a 
separator. 


Freezes the machine if a virus is found in the memory. 
Freezes the machine if a virus is found on the disk. 
Report with more details when using heuristic analysis. 
Scan all DOS partitions on the hard disk. 

Display this list. 

Force interactive mode. 

List all files checked. 

Use monochrome mode on color displays. 

Scan multiple diskettes. 

Scan any network drives found. 

Do not abort scan if ESc is pressed. 

Do not test if there is a diskette in drive A: 

Skip initial memory scan. 

Do not scan subdirectories. 

Do not wrap text in reports. 

[Do not] scan boot sectors. 


[Do not] scan files. 


/[no]packed [Do not] scan inside packed files. 


/[no]Juser [Do not] scan for user-defined patterns. 

/page Pause after each page (command-line mode) 
/rename Rename infected files to .vom or .vxe. 

/report= Send the output to a file. 

/silent Don’t generate any screen output. 

/version Return with version number as an errorlevel value. 


Some examples of useful command lines are: 


F-PROT A: 
Scan a diskette using the Secure Scan method. 


F-PROT A: /multi /auto /disinf 
Scan multiple diskettes with automatic disinfection. 


F-PROT c: /list /report=List.txt 
Make a secure scan on drive C: and send a list of scanned files 
to List.txt. 


F-PROT /hard /all 
Scan all files on all the partitions of the hard disk. 


F-PROT /hard /nofile 
Scan only the memory and boot sectors for viruses. 


F-PROT D: E: /all 
Scan all files on drives D: and E:. 


F-PROT /net 
Scan all network drives. 


F-PROT I:\PD 
Scan a public domain directory on the file server. 


F-PROT c:\ /nosub 
Scan just the root directory of drive C:. 


F-PROT scans in the command-line mode can be aborted by pressing ESC unless 
/nobreak parameter was used. 


When F-PROT is run in the command line mode, it will return an exit code, which 
can be checked with the DOS errorlevel command. 


0 Normal exit; nothing found. 


1 Abnormal termination, unrecoverable error (usually a missing 
or corrupted F-PROT file.) 


Self-test failed, program has been modified. 
A Boot/File virus infection found. 

Virus search strings found in memory. 
Program terminated be Esc. 


At least one virus was removed. 
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Out of memory. 
8 Suspicious files found, not necessarily a virus. 


F-PROT Professional for DOS can be executed every time the computer is started by 
adding the necessary command line to the Autoexec.bat file. A batch file FP.BAT is 
included on the installation diskette and copied to the \F-PROT directory when 
F-PROT Professional for DOS is installed. If this batch file is called from 
Autoexec.bat, it runs F-PROT on the start-up and displays the message appropriate 
to the exit code. This batch file can be easily modified to suit the paths and 
requirements of the user. 


The F-PROT Professional for DOS package may include the following components: 


F-PROT.EXE 


VIRSTOP.EXE 


INSTALL. EXE 


F-CHECK.EXE 
F-TEST.COM 


SIGN.DEF 


USER.DEF 


SETUP.F2 
F-AUTO.EXE 


FPUPDATE.BAT 


VERSION_N.NNZ 


FP.BAT 


FIXBOOT.EXE 
AUTOINST.EXE 


AUTOINST.INI 


F-ARC 
IS_VS.BAT 


ENGLISH.TX0O 


The main module of F-PROT Professional for DOS, with virus 
scanning and disinfecting features. 


The virus stopping program that offers active protection from 
viruses. 


The F-PROT Professional for DOS installation program, which 
also configures VIRSTOP. 


The integrity checking program. 
A utility program for verifying that VIRSTOP is operating. 


A database, containing search strings for viruses. This file is 
encrypted. 


An optional file containing additional search strings defined by 
the user. 


Used for storing user preferences. 
A utility program to automate the running of F-PROT. 


An example batch file to install and update F-PROT 
Professional for DOS on network workstations. 


Used with FPUPDATE.BAT to return the version number, 
N.NNZ, of the package. 


An example batch file to run F-PROT Professional for DOS and 
return error messages if necessary. 


A generic boot sector disinfector. 


The utility to install or update F-PROT Professional 
automatically to all the network workstations. 


An initialization file to configure automatic installation or 
updating of F-PROT Professional. 


A utility program for scanning packed files. 
A batch file to check if VIRSTOP is active in memory. 


Used for language support, along with such files as: 
ITALIANO.TXO, SWEDISH.TXO, VIR-HELP.ENG, VIR-HELP.ITA and 
others. 


